Zcash is a cryptocurrency that offers privacy and selective transparency of transactions. Zcash payments are published on a public blockchain, but the sender, recipient, and amount of a transaction may remain private.[1][2] The Zcash trade symbol, ZEC, is not an official ISO 4217. Like Bitcoin, Zcash has a fixed total supply of 21 million units.[3]

Contents

Technology

Privacy

Comparison

On traditional blockchains such as Bitcoin and Ethereum, every entry into the blockchain reveals both the amount of the transaction and the parties involved in the transaction. Bitcoin's CoinJoin obfuscates the amounts and recipients by allowing users to pool transactions together. It does not hide the total amount value of the pooled transactions, only how the total amount is split between future transactions. It also requires active participation between clients.

BitShares 1.0 featured the ability to hide the total transaction amount, but not the receiver and recipient of the transaction. However, total transaction amounts can leak by checking the values of previous and future transactions.[4]Monero goes a step further in creating a large number of dummy inputs and outputs for each transaction, creating a much larger set of addresses connected to a given transaction. This too can leak information as clients must create dummy transactions that mimic real transactions. Between April 2014 and January 2017, 62% of all Monero transactions were linkable due to client software creating dummy inputs to transactions from wallets without any balance. Other patterns leaked information about 90% of transactions.[5]

Zcash

Zcash uses novel cryptographic zero-knowledge proofs (zk-SNARKs) to protect both amount and recipient on special, "shielded" transactions. This increases the set of potential inputs and outputs for a given shielded transaction, to potentially every shielded address on the Zcash blockchain that an adversary cannot exclude via other sources of information.[6] Although the probability of a shielded input corresponding to any previous shielded output is not uniform (for example, older addresses are less likely to be in use), no information about this is leaked by the transaction itself, other than what can be inferred from timing and metadata (number of shielded transfers, etc). In principle, this is as large as the anonymity set for any public blockchain can become, as a transaction must be recorded.

Zcash also allows for transparent transactions, which do not provide any privacy protections at all. This is due to shielded addresses lacking certain features (such as multi-signature wallets) and the hardware requirements to generate a shielded transaction (a copy of the blockchain and ~3GB of RAM[7]). It is thus possible to correlate transactions when a transparent address sends a given amount to a shielded address and later that amount is transferred to a transparent address. What was private can now be inferred through indirect knowledge thanks to knowing the "inputs and outputs."

It is also possible for a network adversary observing IP addresses to correlate transactions. VPNs, Tor, and I2P can be used to hide IP addresses and there are ongoing efforts to enable Tor by default.

Zcash supports "selective disclosure" capabilities, which allow a user to optionally prove that transactions have occurred or reveal keys that permit their transactions to be viewed by another party. One motivation for such features is to allow users to more easily, and voluntarily, comply with anti-money laundering or tax regulations. That is, "transactions are auditable but disclosure is under the participants' control."[8] Zooko Wilcox, Zcash's founder, has hosted virtual meetings with law enforcement agencies around the U.S to explain these fundamentals. Wilcox has gone on record saying that "they did not develop the currency to facilitate illegal activity".[9]

Parameter generation

Zcash differs from most cryptocurrencies in that the monetary base required the generation of parameters that could be abused to counterfeit Zcash if "toxic waste" created in the process was not destroyed. A compromise of the "toxic waste" would not impact the anonymity or security of individual transactions, it would only allow for secret inflation.

This threat was mitigated by using a multi-party system in which six individuals would have had to collaborate to manipulate the currency. The participants involved both Zooko (CEO of the company behind Zcash) and Bitcoin core developer Peter Todd, a noted Zcash critic.[10] Zooko's ceremony was also observed by reporters and three of the participants filmed. All parameter generation took place on new hardware that was disconnected from the internet, with communication to a coordinating server taking place using write-once DVDs. The DVDs were archived and hashes of their contents published online.[11]

History

Starting in 2014, the protocol that become Zcash, at that point known as "Zerocash", was developed through a collaboration between the original Zerocoin researchers at Johns Hopkins University and a group of cryptographers at the Massachusetts Institute of Technology, the Technion – Israel Institute of Technology, and Tel Aviv University. Zerocash was an evolution of the existing Zerocoin project — the work of Matthew Green, Ian Miers, Christina Garman, Aviel D. Rubin, at The Johns Hopkins University Department of Computer Science, Baltimore. Together these researchers were able to improve upon the design of Zerocoin by making it more efficient and more private.[13]

The Zcash project, to implement Zerocash as a production cryptocurrency, was formally announced by ZECC CEO Zooko Wilcox on Jan 20, 2016.

"With the new Zerocash protocol, unlike the old Zerocoin protocol, users can make direct payments to each other with a vastly more efficient cryptographic protocol that also hides the amount of the payment, not just its origin."

This new protocol by Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza produced a coin which would no longer be an “Add-On” to the original Bitcoin but instead would be a new full-fledged digital currency.

Further refinements to the protocol, described in the Zcash protocol specification, were made by Zcash project members.[14] These included simplifications, functionality improvements, and several security fixes, including a fix to a critical security vulnerability in the instantiation of the Zerocash coin commitment scheme that if uncorrected, would have allowed forgery of coins.[15]

The first mining of ZEC was at 17:10 London Time with the release of the 1.0.0 "Sprout" release on October 28, 2016.[16][17]

In April 2017, Zcash was included among the cryptocurrencies that can be managed by Jaxx, a wallet platform available for Android and iOS.[18]

On April 4th 2017, Zcash entered the top 10 cryptocurrencies by market cap.[19]

See also

References

↑"Zcash - About"Check |url= value (help). Retrieved 2016-10-08. Zcash is a decentralized and open-source cryptocurrency that offers both private and transparent transaction types. Zcash payments are published on a public blockchain, but the sender, recipient, and amount of a transaction remain private.